Bug 1335616 - Backport Apache PR58118 to fix mod_proxy_fcgi spamming non-errors: AH01075: Error dispatching request to : (passing brigade to output filters)
Summary: Backport Apache PR58118 to fix mod_proxy_fcgi spamming non-errors: AH01075: E...
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Software Collections
Classification: Red Hat
Component: httpd
Version: httpd24
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: alpha
: 2.4
Assignee: Luboš Uhliarik
QA Contact: BaseOS QE - Apps
URL:
Whiteboard:
Keywords:
Depends On:
Blocks: 1353740
TreeView+ depends on / blocked
 
Reported: 2016-05-12 16:20 UTC by Ryan Sawhill
Modified: 2017-04-26 10:21 UTC (History)
2 users (show)

(edit)
Clone Of:
: 1353740 (view as bug list)
(edit)
Last Closed: 2017-04-26 10:21:59 UTC


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2017:1161 normal SHIPPED_LIVE Moderate: httpd24-httpd security, bug fix, and enhancement update 2017-04-26 14:19:21 UTC

Description Ryan Sawhill 2016-05-12 16:20:41 UTC
Description of problem:

httpd24 configured as reverse proxy for PHP-FPM (rh-php56-php-fpm from RHSCL) via standard ProxyPassMatch:

    ProxyPassMatch ^/(.*\.php(/.*)?)$ fcgi://127.0.0.1:9000/var/www/html/$1

Lots of clients are hitting this and things seem to work fine, but the logs fill up with messages like this:

    [Wed May 04 11:08:46.482577 2016] [proxy_fcgi:error] [pid 34770] (104)Connection reset by peer: [client 10.0.0.1:59660] AH01075: Error dispatching request to : (passing brigade to output filters), referrer: https://www.example.com

There is a bugzilla at https://bugzilla.redhat.com/show_bug.cgi?id=1287571 that requests upgrade to 2.4.17 but according to http://www.apache.org/dist/httpd/CHANGES_2.4.20 it might have been fixed in 2.4.19. Ref:

    Changes with Apache 2.4.19
    ...
      *) mod_proxy_fcgi: Suppress HTTP error 503 and message 01075,
         "Error dispatching request", when the cause appears to be
         due to the client closing the connection.
         PR58118.  [Tobias Adolph <adolph lrz.de>]

Can this be backported to httpd24?

Comment 8 Jan Houska 2017-03-17 16:06:06 UTC
Verified:

*New Pass:
version httpd24-httpd-2.4.25-8.el6.x86_64
and 
httpd24-httpd-2.4.25-8.el7.x86_64

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: Test
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [  BEGIN   ] :: Running not complete request to apache server. :: actually running 'curl hp-dl80gen9-01.khw.lab.eng.bos.redhat.com/index.php > /dev/null  & sleep 1; pkill curl'
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed

  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
100  303M    0  303M    0     0   584M      0 --:--:-- --:--:-- --:--:--  584M/usr/share/beakerlib/testing.sh: line 668:  6223 Terminated              curl hp-dl80gen9-01.khw.lab.eng.bos.redhat.com/index.php > /dev/null
:: [   PASS   ] :: Running not complete request to apache server. (Expected 0, got 0)
:: [   PASS   ] :: File '/var/log/httpd24/access_log' should not contain ' 503 ' 
============output of /var/log/httpd24/access_log===========
2620:52:0:10bb:1658:d0ff:fed3:ddaf - - [17/Mar/2017:09:56:20 -0400] "GET /index.php HTTP/1.1" 200 696032733 "-" "curl/7.47.1"
===========/output of /var/log/httpd24/access_log===========
:: [   PASS   ] :: File '/var/log/httpd24/error_log' should not contain 'Error dispatching request' 
:: [   PASS   ] :: File '/var/log/httpd24/error_log' should not contain 'AH01075' 
============output of /var/log/httpd24/error_log===========
[Fri Mar 17 09:56:16.056506 2017] [core:notice] [pid 6028] SELinux policy enabled; httpd running as context unconfined_u:system_r:httpd_t:s0
[Fri Mar 17 09:56:16.063874 2017] [suexec:notice] [pid 6028] AH01232: suEXEC mechanism enabled (wrapper: /opt/rh/httpd24/root/usr/sbin/suexec)
[Fri Mar 17 09:56:16.140412 2017] [auth_digest:notice] [pid 6029] AH01757: generating secret for digest authentication ...
[Fri Mar 17 09:56:16.140605 2017] [http2:warn] [pid 6029] AH02951: mod_ssl does not seem to be enabled
[Fri Mar 17 09:56:16.141531 2017] [lbmethod_heartbeat:notice] [pid 6029] AH02282: No slotmem from mod_heartmonitor
[Fri Mar 17 09:56:16.166801 2017] [mpm_prefork:notice] [pid 6029] AH00163: Apache/2.4.25 (Red Hat) mod_auth_kerb/5.4 PHP/5.5.21 mod_wsgi/4.5.13 Python/2.7 mod_perl/2.0.9dev Perl/v5.20.1 configured -- resuming normal operations
[Fri Mar 17 09:56:16.166827 2017] [core:notice] [pid 6029] AH00094: Command line: '/opt/rh/httpd24/root/usr/sbin/httpd'
===========/output of /var/log/httpd24/error_log===========
'a0d88d6b-e9ab-41a3-8128-51af36f9492c'
Test result: PASS
   metric: 0
   Log: /var/tmp/beakerlib-53238983/journal.txt
    Info: Searching AVC errors produced since 1489758980.64 (Fri Mar 17 09:56:20 2017)
     Searching logs...
     Info: No AVC messages found.
 Writing to /mnt/testarea/tmp.wAi9GV
:
   AvcLog: /mnt/testarea/tmp.wAi9GV


*Old Fail 
versions:
httpd24-httpd-2.4.18-11.el6.x86_64
and 
httpd24-httpd-2.4.18-11.el7.x86_64


::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: Test
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [  BEGIN   ] :: Running not complete request to apache server. :: actually running 'curl qeos-177.lab.eng.rdu2.redhat.com/index.php > /dev/null  & sleep 1; pkill curl'
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  246M    0  246M    0     0   465M      0 --:--:-- --:--:-- --:--:--  466M/usr/share/beakerlib/testing.sh: řádek 781:  4612 Ukončen (SIGTERM)      curl qeos-177.lab.eng.rdu2.redhat.com/index.php > /dev/null
:: [   PASS   ] :: Running not complete request to apache server. (Expected 0, got 0)
:: [   PASS   ] :: File '/var/log/httpd24/access_log' should not contain ' 503 ' 
============output of /var/log/httpd24/access_log===========
172.16.36.177 - - [17/Mar/2017:12:02:49 -0400] "GET /index.php HTTP/1.1" 200 523538550 "-" "curl/7.47.1"
===========/output of /var/log/httpd24/access_log===========
:: [   FAIL   ] :: File '/var/log/httpd24/error_log' should not contain 'Error dispatching request' 
:: [   FAIL   ] :: File '/var/log/httpd24/error_log' should not contain 'AH01075' 
============output of /var/log/httpd24/error_log===========
[Fri Mar 17 12:02:46.758864 2017] [core:notice] [pid 4490] SELinux policy enabled; httpd running as context system_u:system_r:httpd_t:s0
[Fri Mar 17 12:02:46.760008 2017] [suexec:notice] [pid 4490] AH01232: suEXEC mechanism enabled (wrapper: /opt/rh/httpd24/root/usr/sbin/suexec)
[Fri Mar 17 12:02:46.798062 2017] [auth_digest:notice] [pid 4490] AH01757: generating secret for digest authentication ...
[Fri Mar 17 12:02:46.798170 2017] [http2:warn] [pid 4490] AH02951: mod_ssl does not seem to be enabled
[Fri Mar 17 12:02:46.798865 2017] [lbmethod_heartbeat:notice] [pid 4490] AH02282: No slotmem from mod_heartmonitor
[Fri Mar 17 12:02:46.867263 2017] [mpm_prefork:notice] [pid 4490] AH00163: Apache/2.4.18 (Red Hat) mod_auth_kerb/5.4 PHP/5.6.25 configured -- resuming normal operations
[Fri Mar 17 12:02:46.867285 2017] [core:notice] [pid 4490] AH00094: Command line: '/opt/rh/httpd24/root/usr/sbin/httpd -D FOREGROUND'
[Fri Mar 17 12:02:50.560340 2017] [proxy_fcgi:error] [pid 4495] (32)Broken pipe: [client 172.16.36.177:50866] AH01075: Error dispatching request to : (passing brigade to output filters)
===========/output of /var/log/httpd24/error_log===========

Comment 10 errata-xmlrpc 2017-04-26 10:21:59 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2017:1161


Note You need to log in before you can comment on or make changes to this bug.